 |  |  |  |  |  |  |  |
Redirected IE start page
 |
About 2 months ago I obtained a virus that redirects my IE start page to a host of various start engines. Each morning I run Spybot and Ad-aware 6.0 and they find the registry changes made by the virus, change the registry back to what it should be, but by the next morning the registry has been changed back by the virus. I dont know how to find and delete the virus. Anybody else have this problem. Attached to this post is a word document with a screen print showing the registry changes that Spybot finds and fixes. Please help.
•
•
Join Date: Aug 2003
Posts: 9,800
Reputation: 
Solved Threads: 514
This is a copy/paste from TweekXp
Here is what you do to fix it:
1. Delete your current hosts file. Open Windows Explorer and go to C:\Windows\system32\drivers\etc - in that folder you will see your hosts file, right click on it and select delete (if you have a hosts backup file delete it as well).
2. Flush your DNS resolver, start - run and type ipconfig /flushdns
3. Download SpyBot Search & Destroy and update it. Once you install it open the program in advanced mode and select "search for updates" check EVERY box then select "download updates". Once it is done SpyBot should restart itself, then select the "Immunize" icon on the left, under this tab select the "Immunize" button and select the "Install" button for "Block all bad pages silently", then check the box "Lock Hosts file read-only as protection against hijackers". Now scan your pc with SpyBot, select the "Search & Destroy" icon at the top left then select "Check for problems", once is done scanning DELETE EVERYTHING IT FINDS.
4. Download Ad Aware and update it and scan. Once you install it select "Check for updates now" and install the latest reference file. Once that is done select the "Scan now" button and select "Customize", check EVERYTHING there, then select "Clixk here to select drives + folders" and make sure ALL your partitions and drives are selected. Now select "Proceed", then scan your pc and DELETE EVERYTHING IT FINDS.
5. Download SpywareBlaster and update it. Once you install it open the program and select "Check for Updates" then select "Download Update(s)" then "Finish" once you have done that it takes you back to the main program, now select "Select All" then "Protect Against Checked Items!" then close the program.
6. Delete your temporary internet files and cookies.
7. Make sure you have ALL of the latest Windows Updates, this is possibly caused by a flaw in IE.
8. LuzArius, a new member has posted a link to F-Secure Antivirus, according to this it is a trojan, read HERE about it. So make sure your antivirus app is up to date and it's hueristics are set to the highest level and do a thorough system scan.
You can also follow this excellent tutorial with graphics if you have any problems HERE.
By following ALL of the above you should have eliminated any spyware or hijackers from your system and prevented them from infecting you in the future. If you are still having problems please try and stick to just one thread about this topic so we can narrow down the particular problem you are having.
Everyone PLEASE follow this advice, the staff here ALWAYS highly recommends using all of the above mentioned apps and doing the other things suggested. If everyone had done these things this would never have been an issue. Just be thankful it is an easy fix and not a malicious trojan or spyware.
Thank You,
The TweakXP Staff
Here is what you do to fix it:
1. Delete your current hosts file. Open Windows Explorer and go to C:\Windows\system32\drivers\etc - in that folder you will see your hosts file, right click on it and select delete (if you have a hosts backup file delete it as well).
2. Flush your DNS resolver, start - run and type ipconfig /flushdns
3. Download SpyBot Search & Destroy and update it. Once you install it open the program in advanced mode and select "search for updates" check EVERY box then select "download updates". Once it is done SpyBot should restart itself, then select the "Immunize" icon on the left, under this tab select the "Immunize" button and select the "Install" button for "Block all bad pages silently", then check the box "Lock Hosts file read-only as protection against hijackers". Now scan your pc with SpyBot, select the "Search & Destroy" icon at the top left then select "Check for problems", once is done scanning DELETE EVERYTHING IT FINDS.
4. Download Ad Aware and update it and scan. Once you install it select "Check for updates now" and install the latest reference file. Once that is done select the "Scan now" button and select "Customize", check EVERYTHING there, then select "Clixk here to select drives + folders" and make sure ALL your partitions and drives are selected. Now select "Proceed", then scan your pc and DELETE EVERYTHING IT FINDS.
5. Download SpywareBlaster and update it. Once you install it open the program and select "Check for Updates" then select "Download Update(s)" then "Finish" once you have done that it takes you back to the main program, now select "Select All" then "Protect Against Checked Items!" then close the program.
6. Delete your temporary internet files and cookies.
7. Make sure you have ALL of the latest Windows Updates, this is possibly caused by a flaw in IE.
8. LuzArius, a new member has posted a link to F-Secure Antivirus, according to this it is a trojan, read HERE about it. So make sure your antivirus app is up to date and it's hueristics are set to the highest level and do a thorough system scan.
You can also follow this excellent tutorial with graphics if you have any problems HERE.
By following ALL of the above you should have eliminated any spyware or hijackers from your system and prevented them from infecting you in the future. If you are still having problems please try and stick to just one thread about this topic so we can narrow down the particular problem you are having.
Everyone PLEASE follow this advice, the staff here ALWAYS highly recommends using all of the above mentioned apps and doing the other things suggested. If everyone had done these things this would never have been an issue. Just be thankful it is an easy fix and not a malicious trojan or spyware.
Thank You,
The TweakXP Staff
I have the very same problem as Ctlong.
And I was happy to finally see a solution, BUT...
It didn't work!
My startpage randomlly sets itself to this: http://www.cool-search.net/
Well, thats what it says in the browser. In Internet Explorer> Tools> Options, the startpage says : http://t.rack.cc/hp. php
(I've made a space between the dot and php, so nobody accidentally clicks it)
But it comes up as cool-search...
anyway - I'm desperate to get that page away. I used Ad-aware, Stinger and McAffe (Only Ad-aware found something, but it comes back anyway) I tried to open Spybot, but it won't start up for some reason.
Also I have StartPageGuard, but that program just seems to notice a difference, not do anything about it...
HEEEELP
Why do people do this? Do they actually think it's good for buisness? Will I ever use Cool-search when it acts like that?
I guess last option is format the harddisk...
And I was happy to finally see a solution, BUT...
It didn't work! My startpage randomlly sets itself to this: http://www.cool-search.net/
Well, thats what it says in the browser. In Internet Explorer> Tools> Options, the startpage says : http://t.rack.cc/hp. php
(I've made a space between the dot and php, so nobody accidentally clicks it)
But it comes up as cool-search...
anyway - I'm desperate to get that page away. I used Ad-aware, Stinger and McAffe (Only Ad-aware found something, but it comes back anyway) I tried to open Spybot, but it won't start up for some reason.
Also I have StartPageGuard, but that program just seems to notice a difference, not do anything about it...
HEEEELP
Why do people do this? Do they actually think it's good for buisness? Will I ever use Cool-search when it acts like that?
I guess last option is format the harddisk...
Btw, Caperjack> looked for this TweekXP - Couldn't find much? Could you direct me in the right direction? 
•
•
Join Date: Oct 2003
Posts: 73
Reputation:
Solved Threads: 1
Junior Poster in Training
VoodoomanX
Please Download hijackthis from
http://tomcoyote.org/hjt
Unzip, doubleclick HijackThis.exe, and hit "Scan".
After the scan has finished the "scan" button will turn into a "save log" button
save the log file and paste it here
Do not delete anything yet, as most things hijackthis finds are harmless and needed.
steam
Please Download hijackthis from
http://tomcoyote.org/hjt
Unzip, doubleclick HijackThis.exe, and hit "Scan".
After the scan has finished the "scan" button will turn into a "save log" button
save the log file and paste it here
Do not delete anything yet, as most things hijackthis finds are harmless and needed.
steam
|
Similar Threads
- how can I change start page & recover the general page button to change (Web Browsers)
- About:blank Trusted start page (tried everything now!!) (Viruses, Spyware and other Nasties)
- Internet start page has been hijacked. Here's my log. (Viruses, Spyware and other Nasties)
- Messed up start page. (Web Browsers)
- IE 6 start page getting changed to about:blank (Web Browsers)
Other Threads in the Web Browsers Forum
- Previous Thread: Default homepage
- Next Thread: Internet Explorer 6 will not access web
Views: 11007 | Replies: 6
| Thread Tools | Search this Thread |
Latest Web Browsers Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for Web Browsers
aiim2009 andrewlippmann aol apple awesomebar background britain browser browserproblems browsers browsing budget bug bughunt censorship childabuse chrome client code compuserve contest crash development dns email error eu europe exploit explorer facebook fennec fileeditmissing firefox flash gecko google government history ie7 ie8 internet internet.broadband internetexplorer internetexplorer8 iphone linux malware marshallmcluhan media memory microsoft mitmedialab mosaic mozilla music netscape networking news newyork offline olympics onlinecommunities opensource opera opera.software patch plugins porn privacy problem safari seamonkey security server sex silverlight social software survey surveys teenagers television testing thunderbird u.s. uk update usenet users utest video web webbrowser webdevelopment webusage windowslivemail worldrecord worldwideweb xp
